Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Welcome to LinuxQuestions.org, a friendly and active Linux Community.

You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!

Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.

If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.

Having a problem logging in? Please visit this page to clear all LQ-related cookies.

Introduction to Linux - A Hands on Guide

This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.

I have a server with a RAID5 array with important data on it, so of course I would like to make offsite backups. I have an external harddisk that is big enough to put these backups on. The problem here is that I want to maintain the same CIA values(confidentiality, Integrety and Availability) when I put this external harddisk somewhere else it'll influence the confidentiality too much if the data is just on there. So encryption of the data might solve my problem but how do I do this?

I want to make regular backups using preferably rsync(or something like that) and I want to keep the file permissions the same so I can just turn the backup around and go back a version. Also I want this to be done within a few hours over a gb connection.

What is the "professional" and secure way to do this?

I've read about encrypted filesystems and encrypted containers for the files but it's hard to pick something and I'd like to know what is usually used.

backups from my laptop to the server with raid5 are already done using a custom rsync script.but there are more systems that use the backup server and they all need to be able to access their data in a secure way.

rsync is using ssh transport by default so is encrypting/decrypting the data transfer. That alone is going to slow things down. If you write to/read from an encrypted filesystem I suspect it would slow things down even further.

What you might want to do is look for another backup utility. Bacula is one I see mentioned frequently though I don't use it. (We use commercial NetBackup which has its own ecryption stuff.) On checking to see if Bacula does encrypted backups I found it does:

isn't Bacula something for scheduled backups? all I want to do is make a manual backup every week, to an external harddisk where I can preferably verify the integrity(checksum?) and also recover files and permissions from.

Thank you all for thinking along!
I'm going to virtualise a server to test this out. Only thing is... the harddrive is connected to my laptop, an ubuntu machine that I use for multiple purposes, I don't need the off site backups to be done too often, but I do want them secure.

Isn't there an easier way where I can just backup everything to an encrypted file that I can open (say with a password?) and that also has checksums for the files? I do want my integrety and confidentiallity to be secure and I might even want to try and also backup my gb's to a shared public drive somewhere and for this I want to make sure it's not tampered with when I do a recovery.

Isn't there an easier way where I can just backup everything to an encrypted file that I can open (say with a password?) and that also has checksums for the files? I do want my integrety and confidentiallity to be secure and I might even want to try and also backup my gb's to a shared public drive somewhere and for this I want to make sure it's not tampered with when I do a recovery.

Almost certainly! Configuring Bacula is no-trivial; it is an enterprise level solution with the power (and associated complexity!) that implies.

tar (and others) could be used for the backup and gpg (and others) could be used to encrypt the tarball. Nice to keep checksums for both the encrypted and unencrypted files.